Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-13 23:57:07 +00:00
Code Issues Projects Releases Packages Wiki Activity
syft/test/integration/go_compiler_detection_test.go
Christopher Angelo Phillips f6c8057977
feat: add package for go compiler given binary detection (#2195) 
adds a unique synthetic package to the SBOM output that represents the go compiler when it is detected as a part of a package discovered by the go binary cataloger.

When using an SBOM generated by syft - downstream vulnerability scanners now have the opportunity to detect/report on the PURL/CPEs attached to the new stdlib package.
---------

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-06 13:15:50 -04:00

62 lines
1.8 KiB
Go
Raw Blame History

package integration
import (
"testing"
"github.com/anchore/syft/syft/cpe"
"github.com/anchore/syft/syft/source"
)
func TestGolangCompilerDetection(t *testing.T) {
tests := []struct {
name string
image string
expectedCompilers []string
expectedCPE []cpe.CPE
expectedPURL []string
}{
{
name: "syft can detect a single golang compiler given the golang base image",
image: "image-golang-compiler",
expectedCompilers: []string{"go1.18.10"},
expectedCPE: []cpe.CPE{cpe.Must("cpe:2.3:a:golang:go:1.18.10:-:*:*:*:*:*:*")},
expectedPURL: []string{"pkg:golang/stdlib@1.18.10"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
sbom, _ := catalogFixtureImage(t, tt.image, source.SquashedScope, nil)
packages := sbom.Artifacts.Packages.PackagesByName("stdlib")
foundCompilerVersions := make(map[string]struct{})
foundCPE := make(map[cpe.CPE]struct{})
foundPURL := make(map[string]struct{})
for _, pkg := range packages {
foundCompilerVersions[pkg.Version] = struct{}{}
foundPURL[pkg.PURL] = struct{}{}
for _, cpe := range pkg.CPEs {
foundCPE[cpe] = struct{}{}
}
}
for _, expectedCompiler := range tt.expectedCompilers {
if _, ok := foundCompilerVersions[expectedCompiler]; !ok {
t.Fatalf("expected %s version; not found in found compilers: %v", expectedCompiler, foundCompilerVersions)
}
}
for _, expectedPURL := range tt.expectedPURL {
if _, ok := foundPURL[expectedPURL]; !ok {
t.Fatalf("expected %s purl; not found in found purl: %v", expectedPURL, expectedPURLs)
}
}
for _, expectedCPE := range tt.expectedCPE {
if _, ok := foundCPE[expectedCPE]; !ok {
t.Fatalf("expected %s version; not found in found cpe: %v", expectedCPE, expectedCPE)
}
}
})
}
}
Reference in a new issue View git blame Copy permalink